On 10/06/07, snowcrash+exim-users <[EMAIL PROTECTED]> wrote: > iiuc NOW, that refers ONLY to the, > > > reject invalid recipients at the edge > > you mention, leaving me with the probelm on content scan, is that correct?
Correct > > - configure the content scan on the edge server, but have it call a > > scanner on an internal server. This might work depending what > > scanner(s) you're using. > > i'm using CLAMAV & SPAMASSASSIN. both of which can listen on either > UNIX socket or over TCP. Look at the content scanning stuff in the docs, you can configure the spam and malware scanner functionality to call a TCP socket. But this might not do what you want - I don't know if in these particular cases, Exim will pass the content to be scanned across the socket - I've a sneaky suspicion it just passes a path/filename - relying on the process the other end of the socket to open the content file directly. So you'd need to do this over NFS or similar. Getting nasty. > > Then the edge server can reject inline when > > it finds bad content - this is the right way to do it. > > my main worry with this approach -- which may be something I have to > live with if i choose to do it -- is that the message will make > multiple network traversals from "edge" to "core", even for an OK > message. Yes - is internal network traffic that expensive, though? > > - use a SMTP proxy on the edge server instead of an MTA. This will > > make the internal server do all the work. > > per an earlier recommendation, i'd looked at ASSP as an SMTP proxy --- > but my understanding was that if deployed ON the "edge" router, the > 'work' would be done there as well ... I didn't mean an intelligent proxy like ASSP, which does indeed do the 'work', I meant a simple pass-through proxy - perhaps even just a reverse NAT. Then there's no work at all on the edge server. In fact, you don't then need the edge server at all. Peter -- Peter Bowyer Email: [EMAIL PROTECTED] -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
